EPISODE · Jun 15, 2025 · 15 MIN
Episode 31: Insider Threats, Organized Crime, and Shadow IT (Domain 2)
from Certified: The CompTIA Security+ Audio Course · host Dr. Jason Edwards
Some of the most damaging cybersecurity incidents originate not from unknown hackers, but from within—through employees, vendors, or unmanaged systems operating outside official channels. In this episode, we explore insider threats in depth, breaking them into categories like malicious insiders, negligent users, and compromised individuals, each presenting different risks to data confidentiality, integrity, and availability. We also analyze the operations of organized cybercrime groups, which leverage ransomware, credential theft, and social engineering for financial gain, often deploying sophisticated malware and maintaining persistent access to high-value networks. Shadow IT adds another layer of complexity, referring to the use of unauthorized applications, services, or devices that bypass IT governance and increase the attack surface. These systems often lack monitoring, patching, or formal integration, making them vulnerable entry points and data leakage vectors. We discuss how policy enforcement, user education, network segmentation, and asset discovery tools can mitigate these blended internal threats. Recognizing and managing what happens inside the perimeter is just as important as defending against external adversaries.
What this episode covers
Some of the most damaging cybersecurity incidents originate not from unknown hackers, but from within—through employees, vendors, or unmanaged systems operating outside official channels. In this episode, we explore insider threats in depth, breaking them into categories like malicious insiders, negligent users, and compromised individuals, each presenting different risks to data confidentiality, integrity, and availability. We also analyze the operations of organized cybercrime groups, which leverage ransomware, credential theft, and social engineering for financial gain, often deploying sophisticated malware and maintaining persistent access to high-value networks. Shadow IT adds another layer of complexity, referring to the use of unauthorized applications, services, or devices that bypass IT governance and increase the attack surface. These systems often lack monitoring, patching, or formal integration, making them vulnerable entry points and data leakage vectors. We discuss how policy enforcement, user education, network segmentation, and asset discovery tools can mitigate these blended internal threats. Recognizing and managing what happens inside the perimeter is just as important as defending against external adversaries.
NOW PLAYING
Episode 31: Insider Threats, Organized Crime, and Shadow IT (Domain 2)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m